Sony Hires Former Microsoft Exec as Security Chief

Sony appointed a former Microsoft executive, Philip Reitinger, to a new position overseeing infrastructure security efforts.

The move follows a series of highly publicized security breaches of a Sony online service used by Sony PlayStation game console owners. Reitinger, who once served as the head of Microsoft's Trustworthy Computing unit, has been named as Sony's first chief information security officer, partly in reaction to those security problems. Reitinger more recently served as the deputy undersecretary for the U.S. Department of Homeland Security.

In addition to his new role as Sony's top information security officer, Reitinger will also serve as a senior vice president for the company, according to Sony's announcement on Tuesday.

Reitinger was employed at Microsoft from 2003 to 2009. During that time, he served as the company's chief trustworthy infrastructure strategist, and was responsible for collaborating with private- and public-sector organizations on infrastructure security issues. In 2009, after leaving Microsoft, he was appointed by Secretary of Homeland Security Janet Napolitano to two cybersecurity positions: deputy undersecretary for the National Protection and Programs Directorate, and director of the National Cybersecurity Center.

As Sony's chief information security officer, Reitinger will report to Nicole Seligman, Sony executive vice president and general counsel.

Sony created the position of chief information security officer in May after fending off bad publicity associated with a security hack in April that exposed the personal information of an estimated 75 million PlayStation Network users. The hack prompted Sony to take its PlayStation Network service offline for several weeks.

Even after it began restoring the PlayStation Network service, Sony remained the target of several security breaches. A SQL injection attack in June, attributed to the hacker group LulzSec, disclosed the personal information of over 1 million Sony customers. Another LulzSec hack a few days later targeted Sony's developer network. (See "Anonymous/LulzSec Hack Timeline.")

The creation of the chief information security officer position was one of several security-related changes Sony implemented after the initial April attacks. At the time, Sony said the chief information security officer's purpose was "to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel."

In his new role at Sony, Reitinger will be responsible for the "security of Sony's information assets and services," according to the company. "He will oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony."